You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/01/05 14:20:59 UTC

[jira] [Commented] (THRIFT-3984) PHP7 extenstion cause segfault

    [ https://issues.apache.org/jira/browse/THRIFT-3984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15801464#comment-15801464 ] 

ASF GitHub Bot commented on THRIFT-3984:
----------------------------------------

GitHub user zhaakhi opened a pull request:

    https://github.com/apache/thrift/pull/1152

    THRIFT-3984 PHP7 extension causes segfault 

    Fix a double-free when serializing string map keys or the name of called methods, and a memory leak when deserializing maps or sets.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/zhaakhi/thrift THRIFT-3984

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1152.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1152
    
----
commit d956e2fc998ff4cee463b5ef39758b3cbe4d635e
Author: Håkon Hitland <ha...@zedge.net>
Date:   2016-12-05T17:42:41Z

    THRIFT-3984 PHP7 extension causes segfault
    
    The PHP 7 extension can sometimes free strings it does not own,
    when serializing string map keys, or the name of called methods.
    The latter case was somewhat migitated since the double-free has no
    effect on interned strings.
    Using ZVAL_STR_COPY instead of ZVAL_STR will increment the reference
    count, making the following destructor call correct.

commit e4b6425086938ab42f7d097324dea9c2136dbcba
Author: Håkon Hitland <ha...@zedge.net>
Date:   2016-12-05T20:08:19Z

    Fix memory leak in PHP 7
    
    Fix memory leak when deserializing maps or sets.
    zend_hash_update will add its own reference to the key, so we need to
    destruct the key zval to not leak.
    We don't need to destruct the value, the hash table will take ownership
    of it.

----


> PHP7 extenstion cause segfault
> ------------------------------
>
>                 Key: THRIFT-3984
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3984
>             Project: Thrift
>          Issue Type: Bug
>          Components: PHP - Library
>    Affects Versions: 0.10.0
>            Reporter: Fei Dong
>            Priority: Critical
>
> I cant offer a script to reproduce segfault because it  not happens everytime. 
> PHP7 extension use ZVAL_STR to wrap zend_string to zval struct,and later use zval_dtor try to free it.
> https://github.com/apache/thrift/blob/master/lib/php/src/ext/thrift_protocol/php_thrift_protocol7.cpp#L825
> The method_name parameter is pass from PHP script,  and zval_dtor decrement the gc reference count, thus would free the zend_string object but it is still referenced in the script.
> I  changed  ZVAL_STR to ZVAL_STR_COPY, which will add reference count by 1 to the zend_string object ,  apply this patch in our production environment and segfault never happen again
> Another place use ZVAL_STR is [here|https://github.com/apache/thrift/blob/master/lib/php/src/ext/thrift_protocol/php_thrift_protocol7.cpp#L668]. Both this two place need to be fixed 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)